Got Phishing Hooks? What You Need to Know about COMB

You may have heard about the mother of all data breaches over the past couple of days. More than 3.2 billion email-password pairs were posted online. That’s bigger than the Yahoo compromise last year, which exposed a billion users.

The trove is being dubbed COMB, short for Compilation of Many Breaches. The name explains the situation fairly well. There’s no real news here. The posting of COMB is really only meaningful if you’re an identity thief, since it provides a great one-stop-shopping experience for every stripe of identity-related crime.

Why It Matters:

The COMB post is just in time for opening day of fishing season, which starts of course on April Fool’s Day. Of course when it comes to getting hacked, phishing season is year-round.

The specific hooks right now are:

If you prepare your own taxes and you’re not using two-factor authentication on the service that you use, this is the year to set it up. The IRS now allows anyone to get a PIN code to securely file a return. Get yours as soon as possible.

There is nothing more romantic than meeting Mr. or Ms. Right on Valentine’s Day. During Covid that is most likely going to happen online. A catfisher with your email address might be able to lure you into a kind of “love” that costs you bigtime. Be extra careful.

With news of more transmissible strains of Covid-19 circulating, many scams could be afoot, ranging from vaccines, PCR and rapid testing information to contact tracing. Take your time with any emails about Covid-19. Think before you click.

Because the vaccine rollout has been anything but orderly, there’s a flood of vaccine related phishing emails going around. Be especially careful with any email about vaccination. If you are unsure about an email, it is a good idea to err on the side of caution. Online resources are the best place to get vaccine information.

COMB truly is the Wikipedia of all breaches and compromise. But while this warehouse approach to breach data makes phishing and other modes of targeting people convenient, you’re not any more exposed than you were before the revelation of this database. It’s all been “out there” a very long time.

The bottom line here is that If you’re like most people, your cyber hygiene could use some leveling up. At the very least, you should start paying extra attention to breach notifications, stop re-using passwords and choose new harder-to-guess credentials, enable two-factor authentication wherever possible and update your security software whenever a new patch is released.

Originally published at on February 8, 2021.




Founder, CyberScout. Co-founder,

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The Mystery of Data Sharing And Privacy Protection: What Differential Privacy Is?

Oz Forensics, a Global Leader in Identity Fraud Prevention, Achieves Perfect Score in Biometric…

How Hackers Steal Credit Card Info From Your Website

Invisible God Hacker Identity Revealed

Quick and Easy Recipes for Improving your Digital Health

Keeping Your Data More Secure in 2022 🔒

A lock ontop of a keyboard and credit cards

The DON’Ts of IT in the Times of Crisis

HTTPS or SSL Certificate, Is it really that important?

Https Keep your website secure from hackers

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam Levin

Adam Levin

Founder, CyberScout. Co-founder,

More from Medium

The Feisty Forager: Wood Nettles

Women & Tattoos, a feminist movement in ink.

How Does The Media Pick And

Make it right, make it work with JavaScript.